test(usr): user create integration coverage REQ-USR-001

zichun
1 parent eea41dba
Showing 4 changed files with 278 additions and 6 deletions
backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java
backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java
backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java
backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java
+package com.xly.erp.common.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class PasswordEncoderConfig {
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -5,7 +5,6 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -32,9 +31,4 @@ public class SecurityConfig {
                 .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
         return http.build();
     }
-
-    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
 }
+package com.xly.erp.module.usr.controller;
+
+import com.xly.erp.common.response.Result;
+import com.xly.erp.module.usr.dto.CreateUserDTO;
+import com.xly.erp.module.usr.service.UserService;
+import jakarta.validation.Valid;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/usr")
+public class UserController {
+
+    private final UserService userService;
+
+    public UserController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @PostMapping("/users")
+    public Result<Map<String, Object>> create(@Valid @RequestBody CreateUserDTO dto) {
+        return Result.ok(userService.create(dto));
+    }
+}
+package com.xly.erp.module.usr.controller;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.xly.erp.common.security.TestJwtHelper;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.test.web.server.LocalServerPort;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.test.context.ActiveProfiles;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ActiveProfiles("test")
+class UserControllerIT {
+
+    @Autowired
+    private TestRestTemplate rest;
+
+    @Autowired
+    private TestJwtHelper testJwtHelper;
+
+    @Autowired
+    private JdbcTemplate jdbcTemplate;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @LocalServerPort
+    private int port;
+
+    @BeforeEach
+    @AfterEach
+    void cleanup() {
+        jdbcTemplate.update("DELETE FROM tUserPermission WHERE iUserId IN "
+                + "(SELECT iIncrement FROM tUser WHERE sUserNo LIKE 'sp_test_%')");
+        jdbcTemplate.update("DELETE FROM tUser WHERE sUserNo LIKE 'sp_test_%'");
+        jdbcTemplate.update("DELETE FROM tStaff WHERE sStaffNo LIKE 'sp_test_%'");
+        jdbcTemplate.update("DELETE FROM tPermissionCategory WHERE sCategoryCode LIKE 'sp_test_%'");
+    }
+
+    @Test
+    void postValidBody_with_jwt_returns200_andPersists() throws Exception {
+        Integer staffId = insertStaff("sp_test_st1", "员工1");
+        Integer cat1 = insertCategory("sp_test_pc1", "权限A");
+        Integer cat2 = insertCategory("sp_test_pc2", "权限B");
+
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> body = baseBody("sp_test_u_ok", "正常用户");
+        body.put("iStaffId", staffId);
+        body.put("permissionCategoryIds", List.of(cat1, cat2));
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        JsonNode jb = objectMapper.readTree(resp.getBody());
+        assertThat(jb.get("code").asInt()).isZero();
+        int newId = jb.get("data").get("iIncrement").asInt();
+        assertThat(jb.get("data").get("sUserNo").asText()).isEqualTo("sp_test_u_ok");
+
+        Map<String, Object> row = jdbcTemplate.queryForMap(
+                "SELECT sBrandsId, sCreatedBy, sUserType FROM tUser WHERE iIncrement = ?", newId);
+        assertThat(row.get("sBrandsId")).isEqualTo("XLY");
+        assertThat(row.get("sCreatedBy")).isEqualTo("ADMIN001");
+        Integer permCount = jdbcTemplate.queryForObject(
+                "SELECT COUNT(1) FROM tUserPermission WHERE iUserId = ?", Integer.class, newId);
+        assertThat(permCount).isEqualTo(2);
+    }
+
+    @Test
+    void postEmptyBody_returns40001() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>("{}", headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001);
+    }
+
+    @Test
+    void postInvalidUserType_returns40001() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> body = baseBody("sp_test_u_invtype", "枚举");
+        body.put("sUserType", "火星");
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001);
+    }
+
+    @Test
+    void postInvalidLanguage_returns40001() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> body = baseBody("sp_test_u_invlang", "枚举");
+        body.put("sLanguage", "ja");
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001);
+    }
+
+    @Test
+    void postDuplicateUserNo_returns40020() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> first = baseBody("sp_test_u_dup", "首次");
+        ResponseEntity<String> r1 = rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(first, headers), String.class);
+        assertThat(objectMapper.readTree(r1.getBody()).get("code").asInt()).isZero();
+
+        Map<String, Object> dup = baseBody("sp_test_u_dup", "重复");
+        dup.put("sUserName", "sp_test_u_dup_other");
+        ResponseEntity<String> r2 = rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(dup, headers), String.class);
+        assertThat(objectMapper.readTree(r2.getBody()).get("code").asInt()).isEqualTo(40020);
+    }
+
+    @Test
+    void postStaffNotFound_returns40022() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> body = baseBody("sp_test_u_nostaff", "缺职员");
+        body.put("iStaffId", 99999990);
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40022);
+    }
+
+    @Test
+    void postPermissionCategoryNotFound_returns40023() throws Exception {
+        String token = testJwtHelper.signFor("ADMIN001");
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer " + token);
+        Map<String, Object> body = baseBody("sp_test_u_nocat", "缺权限");
+        body.put("permissionCategoryIds", List.of(99999991));
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40023);
+    }
+
+    @Test
+    void postWithoutJwt_permitAllStub_returns200_andCreatedBySTUBADMIN() throws Exception {
+        HttpHeaders headers = jsonHeaders();
+        Map<String, Object> body = baseBody("sp_test_u_nojwt", "无JWT");
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        JsonNode jb = objectMapper.readTree(resp.getBody());
+        assertThat(jb.get("code").asInt()).isZero();
+        int newId = jb.get("data").get("iIncrement").asInt();
+        String createdBy = jdbcTemplate.queryForObject(
+                "SELECT sCreatedBy FROM tUser WHERE iIncrement = ?", String.class, newId);
+        assertThat(createdBy).isEqualTo("STUB_ADMIN");
+    }
+
+    @Test
+    void postTamperedJwt_returns20001() throws Exception {
+        HttpHeaders headers = jsonHeaders();
+        headers.set("Authorization", "Bearer not.a.real.jwt");
+        Map<String, Object> body = baseBody("sp_test_u_tamper", "伪JWT");
+
+        ResponseEntity<String> resp = rest.exchange(
+                url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class);
+
+        assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(20001);
+        Integer count = jdbcTemplate.queryForObject(
+                "SELECT COUNT(1) FROM tUser WHERE sUserNo = 'sp_test_u_tamper'", Integer.class);
+        assertThat(count).isZero();
+    }
+
+    private Integer insertStaff(String staffNo, String name) {
+        jdbcTemplate.update(
+                "INSERT INTO tStaff (sBrandsId, sSubsidiaryId, tCreateDate, sStaffNo, sStaffName, sCreatedBy, bDeleted) "
+                        + "VALUES ('XLY','XLY', NOW(), ?, ?, 'STUB_ADMIN', 0)", staffNo, name);
+        return jdbcTemplate.queryForObject(
+                "SELECT iIncrement FROM tStaff WHERE sStaffNo = ?", Integer.class, staffNo);
+    }
+
+    private Integer insertCategory(String code, String name) {
+        jdbcTemplate.update(
+                "INSERT INTO tPermissionCategory (sBrandsId, sSubsidiaryId, tCreateDate, sCategoryCode, sCategoryName, "
+                        + "iSortOrder, sCreatedBy, bDeleted) "
+                        + "VALUES ('XLY','XLY', NOW(), ?, ?, 0, 'STUB_ADMIN', 0)", code, name);
+        return jdbcTemplate.queryForObject(
+                "SELECT iIncrement FROM tPermissionCategory WHERE sCategoryCode = ?", Integer.class, code);
+    }
+
+    private static Map<String, Object> baseBody(String userNo, String userName) {
+        Map<String, Object> m = new HashMap<>();
+        m.put("sUserNo", userNo);
+        m.put("sUserName", userName);
+        m.put("sUserType", "普通用户");
+        m.put("sLanguage", "zh");
+        m.put("bCanModifyDocs", false);
+        return m;
+    }
+
+    private static HttpHeaders jsonHeaders() {
+        HttpHeaders h = new HttpHeaders();
+        h.setContentType(MediaType.APPLICATION_JSON);
+        return h;
+    }
+
+    private String url() {
+        return "http://localhost:" + port + "/api/usr/users";
+    }
+}